From: Gary Lockyer Date: Sun, 27 Sep 2020 20:29:25 +0000 (+1300) Subject: CVE-2020-1472(ZeroLogon): Add zerologon test suite X-Git-Tag: talloc-2.3.2~253 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6f59a5fd8416bd648265b909ca45de6376747548;p=thirdparty%2Fsamba.git CVE-2020-1472(ZeroLogon): Add zerologon test suite Add a ZeroLogon test suite, to allow the ZeroLogon tests to be run against the s3 and s4 netlogon servers. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett --- diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index be0efd3217e..002f6d4a4b0 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -626,6 +626,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh "rpc.samr.passwords.pwdlastset", "rpc.samr.passwords.lockout", "rpc.samr.passwords.badpwdcount", "rpc.samr.large-dc", "rpc.samr.machine.auth", "rpc.samr.priv", "rpc.samr.passwords.validate", "rpc.samr.handletype", "rpc.netlogon.admin", + "rpc.netlogon.zerologon", "rpc.schannel", "rpc.schannel2", "rpc.bench-schannel1", "rpc.schannel_anon_setpw", "rpc.join", "rpc.bind", "rpc.initshutdown", "rpc.wkssvc", "rpc.srvsvc"] diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index ccd895fcd54..71c87229852 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -186,9 +186,9 @@ plantestsuite_loadlist("samba4.tests.attr_from_server.python(ad_dc_ntvfs)", # add tests to this list as they start passing, so we test # that they stay passing ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] -ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] +ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] drs_rpc_tests = smbtorture4_testsuites("drs.rpc") -ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests +ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.drsuapi", "rpc.drsuapi_w2k8", "rpc.netlogon", "rpc.netlogon.admin", "rpc.netlogon.zerologon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests slow_ncacn_np_tests = ["rpc.samlogon", "rpc.samr", "rpc.samr.users", "rpc.samr.large-dc", "rpc.samr.users.privileges", "rpc.samr.passwords", "rpc.samr.passwords.pwdlastset", "rpc.samr.passwords.lockout", "rpc.samr.passwords.badpwdcount"] slow_ncacn_ip_tcp_tests = ["rpc.cracknames"] diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 3fdcfcf9c22..50f1f0158b8 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -5312,6 +5312,15 @@ struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx) return suite; } +struct torture_suite *torture_rpc_netlogon_zerologon(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create( + mem_ctx, + "netlogon.zerologon"); + + return suite; +} + struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin"); diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 243e5d3f207..0adc3a0d597 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -605,6 +605,7 @@ NTSTATUS torture_rpc_init(TALLOC_CTX *ctx) torture_suite_add_suite(suite, torture_rpc_netlogon(suite)); torture_suite_add_suite(suite, torture_rpc_netlogon_s3(suite)); torture_suite_add_suite(suite, torture_rpc_netlogon_admin(suite)); + torture_suite_add_suite(suite, torture_rpc_netlogon_zerologon(suite)); torture_suite_add_suite(suite, torture_rpc_remote_pac(suite)); torture_suite_add_simple_test(suite, "samlogon", torture_rpc_samlogon); torture_suite_add_simple_test(suite, "samsync", torture_rpc_samsync);